Common Additional Security Roles

Access to this product feature is dependent on your institution's Watermark agreement
Base | Faculty Accomplishments | Reviews, Promotion and Tenure | Web Profiles

As access requirements and roles change at your institution, or during the implementation process, you may find that security roles outside of our core offering are necessary. We've outlined common examples of these security roles below. Changes to the permissions of a security role, or creation of a brand new role are submitted as part of a General Work Request. For more detail on submitting changes, also reference Reviewing and Creating New Security Roles

Individual Security Role

Many campuses, departments, or faculty have a need for proxy users and these proxy users may only need access to run certain administrative reports or to manage data for a specific set of users, in which case an individual security role would be best suited to assign to those proxy users and this role can be assigned to as many proxy users as needed.
The individual security role can be granted the following permissions:
  • Manage Data: Proxy
  • Run Ad Hoc Reports
  • Run Custom Reports
  • Change Your Password


 Note: When an individual security role is created, unless specified otherwise, the role will be set up with the Manage Data: Proxy permission and access to run the same reports as the Faculty security role.

File Download Security Role

Reports may have been customized to include links to files uploaded to Faculty Success - Activities. This enables users to provide additional documentation as part of reviews, promotion, or other submissions. This report is then distributed to reviewers who will need access to the file links. For institutions that do not manage their own file access through their mirrored files server, security roles will be used to determine whether an internal reviewer will have access to the file links in the report.

Internal reviewers must have the "Manage Data" or "File Download" permission as part of their Security Role in order to access the file links within a report that has been shared with them. A File Download security role is used when a reviewer does not have the ability to manage data for the user being reviewed. This role has an unrestricted scope because it is frequently required in the scenario for the reviewer to be able to successfully open file links for any report that has been shared with them.

Once the role has been created, it may be assigned to the users who require this role to access file links in reports. It is worth keeping in mind that in order for a user to access the  file links in reports, the user must first be logged into Faculty Success in their primary browser, then click the link to download the file. If a user clicks a file link in a report while not logged in, they will be prompted to authenticate. 

The File Download role is a common solution for committee members, who would not be expected to have access to manage data for the individual under review.


CV Import Security Role

The CV Import tool simplifies data entry in Faculty Success by importing users' CVs and assisting with parsing activities and accomplishments into their appropriate sections of the system. Users can gain access to this tool when their assigned security role includes the "CV Import" permission. 

To add the CV import tool permission to an existing self-scoped security role like "Faculty," administrators must submit a general work request. Upon completion of the work request, all users with that security role will be able to access the CV import utility.

For more information on how to use the CV Import tool, see CV Imports and for a guide on how to review your existing security roles, visit Reviewing and Creating New Security Roles.

Alternatively, administrators can create a standalone security role to assign specific users access to the CV import tool. To create this security role, administrators submit a general work request specifying the creation of the CV Import security role. This role will be self-scoped, meaning users will only be able to use the tool for themselves and not on behalf of other accounts. Once the new CV Import security role is created, administrators can begin assigning it to users who need access to the CV import tool. 

You may also request a new role for the CV Import tool that is scoped to an individual or unit level. Using either approach, the new security role can be granted to users to give them access to use the tool on behalf of other users. This is common for proxy users helping onboard new faculty or new units to Faculty Success.


College or Department Proxy Security Role

You may encounter cases where faculty hire assistants to enter the bulk of their activities into the system. In such cases you need to give that assistant access to manage data for that faculty member, but ensure that this person does not receive the ability to see hidden fields and edit read-only fields. To accomplish this you can give this person a Proxy security role.
This role grants one user access to perform certain functions for another specific user. You can assign a user to the Proxy security role for as many users as needed.
The supported permissions for a Proxy security role are:
  • Manage Data: Proxy
  • Run Ad Hoc Reports
  • Run Custom Reports
  • Change Your Password

Most commonly a Proxy security role needs just the Manage Data: Proxy permission so a user can enter data on behalf of specific faculty members. Proxy users may also need report access, though, if their responsibilities involve proofing how data will display in reports, or actually running reports - like a Vita - for specific faculty members.

Department Users and Security

We have often found ourselves creating security roles at the Department level, with just the Users and Security permission. To understand why this type of role would be used, we need to first explain how Faculty Success handles College and Department values in a University instrument. Ultimately, unless you customize this - which we don't recommend - we maintain college and department lists independently. The association between these two values comes through the users assigned to each college and department. To restate this, the association is only in your data - it is not between the fields, or the values themselves.

This means that assigning a user to a college-level role gives them access to all the permissions within the role for the college selected. The departments which reside within that college are not handled or included as part of this role.

In most cases, this works exactly as you need it to. Since you are using Manage Data  for a college's users, or running reports on a specific college - and drilling down based on the users' department assignments, you don't notice that you don't have permissions for specific departments. Where this does become an issue, however, is in Users and Security itself. With a college-level security role, you can assign the following scopes of security roles:

  • College
  • Self
  • Individual

Department is conspicuously missing from this list. In order to assign department-level security roles, a user needs to have Users and Security for the department(s) they should be able to assign. In order to meet this need, we create Department Users and Security roles with just the Users and Security permission.


Administrator Security Roles 

Faculty Success provides four default types of Administrator roles that meet the general needs of many clients:

  • University Administrator: Full access to Faculty Success. This includes access to all user accounts. Can submit work requests. Can also access a report under "View Security Roles" titled "Download Custom Report Security Details," which outlines the security roles to which a report is available. Since this role has work request permission, it is best practice to only have one user account assigned to the University Administrator security role, which can only be provisioned to one user account at the campus level.
  • University Limited Administrator: Has the same permissions as the University Administrator except the work requests permission and the report security download report. There is no restriction on the number of user accounts you can add to this security role.
  • College Administrator: Full access to Faculty Success tools and utilities for a specific college. This includes access to manage user accounts for that college. A user assigned to this role can submit work requests for their assigned college. There can only be one user account assigned to the College Administrator security role for each college, as this security role has the Work Requests permission, which can only be provisioned to one user account per college. This role does not have access to the Download Custom Report Security Details spreadsheet available in the Users and Security utility. 
  • College Limited Administrator: Has the same permissions as the College Administrator except the work requests permission. No restriction on the number of user accounts you can add to this security role per college.


Note: If you are implementing Faculty Success for a single unit or college, your instrument will not contain the university-level administrative security roles. If it is necessary to give all the users, or a subset of users, on your project team access to the Work Request permission, please visit Assigning Multiple Users to the Work Request Permission

Articles in this section

How to Contact Support
There are many ways to reach out! Click here for our support options.
Watermark Academy
Click to access the Watermark Academy for consultation, training, and implementation companion courses.
Watermark Customer Community
Engage and connect with others!